CVE-2022-50980

Summary

A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN.

Affected Software

VendorProductVersion RangeStatus
InnomicVibroLine VLX1 HD 5.02.1.1340 <= 2.1.1387affected
InnomicVibroLine VLX1 HD 5.02.1.1866affected
InnomicVibroLine VLX2 HD 5.02.1.1340 <= 2.1.1387affected
InnomicVibroLine VLX2 HD 5.02.1.1866affected
InnomicVibroLine VLX4 HD 5.02.1.1340 <= 2.1.1387affected
InnomicVibroLine VLX4 HD 5.02.1.1866affected
InnomicVibroLine VLX6 HD 5.02.1.1340 <= 2.1.1387affected
InnomicVibroLine VLX6 HD 5.02.1.1866affected
InnomicVibroLine VLX8 HD 5.02.1.1340 <= 2.1.1387affected
InnomicVibroLine VLX8 HD 5.02.1.1866affected
avibiaAvibiaLine AVLX1 HD 5.02.1.1340 <= 2.1.1387affected
avibiaAvibiaLine AVLX1 HD 5.02.1.1866affected
avibiaAvibiaLine AVLX2 HD 5.02.1.1340 <= 2.1.1387affected
avibiaAvibiaLine AVLX2 HD 5.02.1.1866affected
avibiaAvibiaLine AVLX4 HD 5.02.1.1340 <= 2.1.1387affected
avibiaAvibiaLine AVLX4 HD 5.02.1.1866affected
avibiaAvibiaLine AVLX6 HD 5.02.1.1340 <= 2.1.1387affected
avibiaAvibiaLine AVLX6 HD 5.02.1.1866affected
avibiaAvibiaLine AVLX8 HD 5.02.1.1340 <= 2.1.1387affected
avibiaAvibiaLine AVLX8 HD 5.02.1.1866affected
InnomicVibroLine VLE1 HD 5.02.1.1340 <= 2.1.1387unaffected
InnomicVibroLine VLE2 HD 5.02.1.1340 <= 2.1.1387unaffected
InnomicVibroLine VLE4 HD 5.02.1.1340 <= 2.1.1387unaffected
InnomicVibroLine VLE6 HD 5.02.1.1340 <= 2.1.1387unaffected
InnomicVibroLine VLE8 HD 5.02.1.1340 <= 2.1.1387unaffected
avibiaAvibiaLine AVLE1 HD 5.02.1.1340 <= 2.1.1387unaffected
avibiaAvibiaLine AVLE1 HD 5.02.1.1866unaffected
avibiaAvibiaLine AVLE2 HD 5.02.1.1340 <= 2.1.1387unaffected
avibiaAvibiaLine AVLE2 HD 5.02.1.1866unaffected
avibiaAvibiaLine AVLE4 HD 5.02.1.1340 <= 2.1.1387unaffected
avibiaAvibiaLine AVLE4 HD 5.02.1.1866unaffected
avibiaAvibiaLine AVLE6 HD 5.02.1.1340 <= 2.1.1387unaffected
avibiaAvibiaLine AVLE6 HD 5.02.1.1866unaffected
avibiaAvibiaLine AVLE8 HD 5.02.1.1340 <= 2.1.1387unaffected
avibiaAvibiaLine AVLE8 HD 5.02.1.1866unaffected
InnomicVibroLine VLE1 HD 5.02.1.1866unaffected
InnomicVibroLine VLE2 HD 5.02.1.1866unaffected
InnomicVibroLine VLE4 HD 5.02.1.1866unaffected
InnomicVibroLine VLE6 HD 5.02.1.1866unaffected
InnomicVibroLine VLE8 HD 5.02.1.1866unaffected
InnomicVibroLine VLE1 HD 4.01.4.1074 <= 1.4.1116unaffected
InnomicVibroLine VLE2 HD 4.01.4.1074 <= 1.4.1116unaffected
InnomicVibroLine VLE4 HD 4.01.4.1074 <= 1.4.1116unaffected
InnomicVibroLine VLE6 HD 4.01.4.1074 <= 1.4.1116unaffected
InnomicVibroLine VLE8 HD 4.01.4.1074 <= 1.4.1116unaffected
InnomicVibroLine VLX1 HD 4.01.5.1074 <= 1.5.1116unaffected
InnomicVibroLine VLX2 HD 4.01.5.1074 <= 1.5.1116unaffected
InnomicVibroLine VLX4 HD 4.01.5.1074 <= 1.5.1116unaffected
InnomicVibroLine VLX6 HD 4.01.5.1074 <= 1.5.1116unaffected
InnomicVibroLine VLX8 HD 4.01.5.1074 <= 1.5.1116unaffected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References